Ask a Question

Microsoft has released a critical update (KB 2661254) as of August 14, 2012, which will end support for certificates using the RSA algorithm that has key lengths less than 1024 bits. Shorter keys have been deemed more vulnerable to brute force attacks due to continued advances in computer processing capabilities. After applying Microsoft’s update, all certificates with key lengths less than 1024 bits will be treated as invalid. This update does not apply to Windows 8, 8.1 or Windows Server 2012 because these operating systems already include the functionality to block the use of weak RSA keys that are less than 1024 bits long.

Users will likely experience a security certificate warning and then the browser will not be able to "Continue to this website anyway" or be sent to an error about "Page cannot be displayed."

Update:In October 2014, Mozilla Firefox v33 has begun to block keys less than 1024 bits in length too. Security related release notes for Firefox v33 can be found here and refer to RSA certificates using weak signatures less than 1024-bit are no longer accepted section once you access the link. Users will see an error such as "The key does not support the requested operation. (Error code: sec_error_invalid_key)."

Product Lines

The following products Network Management Card devices and product lines are affected.

All Schneider Electric Network Management Card 1 products have the capability of supporting SSL for secure web connections. All products listed above with any firmware version, auto-generates self-signed SSL Certificates 768 bits in length when HTTPS mode is enabled unless another user certificate has been pre-loaded.

Please note:Network Management Card 2 products are not affected.

Resolution

Refer to the currently available workaround options listed below:

Upload a 1024 bit SSL Certificate to the affected products - the aforementioned products all allow the user to create and upload their own 1024 bit SSL Certificate with the help of the APC Security Wizard tool, available on apc.com for download with the part number SFNMCSECWIZ104. A step by step guide is available in the Network Management Card 1's Security Handbook: http://www.apcmedia.com/salestools/ASTE-6Z5QF2/ASTE-6Z5QF2_R2_EN.pdf

Use a different web browser (such as Chrome, Firefox, etc)

Update:In October 2014, Mozilla Firefox v33 has begun to block keys less than 1024 bits in length, too. Security related release notes for Firefox v33 can be found here and refer to RSA certificates using weak signatures less than 1024-bit are no longer accepted section. One possible option is to downgrade Firefox.

Uninstall the patch

Do not apply the patch

Additional Resources

Application Note #67 has more detailed information on the Network Management Card 1 & 2 products and their security implementation.